Overview

overview

8

Static

static

1

SpywareTer...up.exe

windows7-x64

8

SpywareTer...up.exe

windows10-2004-x64

8

Resubmissions

09-11-2024 01:51

241109-b9v7gavcmg 8

08-11-2024 22:41

241108-2l67ya1glj 10

Analysis

  • max time kernel
    103s
  • max time network
    96s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    09-11-2024 01:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpywareTerminatorSetup.exe

  • Size

    8.8MB

  • MD5

    c3a9452f054664daf4de1e246c485c20

  • SHA1

    e0185db4a5c5b7379a0eff099e39f0f56a18ba89

  • SHA256

    9f95bbe3fb28e4c290e869b40ae20dcd9db64071cda11a77a9313c0e13b55518

  • SHA512

    6438fb21aa223d354864b6ca14f42668007a17db718727266e54cd2b7f44e9924e51187b604cb7913dc550354114efc0b55834832f891ac6796a53abc928fca9

  • SSDEEP

    196608:59Xf8Of5m6QpeBh4BE8h1RipvU0SQ7pZ+nU8TjLkYJC:TXfvflGeX4BXr6vtH1AUI/7J

Score
8/10
adwarediscoverypersistenceprivilege_escalationspywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Installs/modifies Browser Helper Object 2 TTPs 6 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

    stealeradware
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 36 IoCs
  • Drops file in Windows directory 1 IoCs
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 64 IoCs
  • Modifies system executable filetype association 2 TTPs 24 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of FindShellTrayWindow 15 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2464
    • C:\Users\Admin\AppData\Local\Temp\is-A4BND.tmp\SpywareTerminatorSetup.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-A4BND.tmp\SpywareTerminatorSetup.tmp" /SL5="$301C6,8420808,160256,C:\Users\Admin\AppData\Local\Temp\SpywareTerminatorSetup.exe"
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Windows\SysWOW64\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell.dll"
        3⤵
        • Loads dropped DLL
        • Modifies system executable filetype association
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        PID:1696
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
        3⤵
        • Loads dropped DLL
        • Modifies system executable filetype association
        • Modifies registry class
        PID:696
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /INSTALL
        3⤵
        • Adds Run key to start application
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2500
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell.dll"
          4⤵
          • Loads dropped DLL
          • Modifies system executable filetype association
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          PID:588
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2156
          • C:\Windows\system32\regsvr32.exe
            /s "C:\Program Files (x86)\Spyware Terminator\STShell64.dll"
            5⤵
            • Loads dropped DLL
            • Modifies system executable filetype association
            • Modifies registry class
            PID:1420
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\SysWOW64\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll"
          4⤵
          • Installs/modifies Browser Helper Object
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Modifies registry class
          PID:596
        • C:\Windows\SysWOW64\regsvr32.exe
          "C:\Windows\System32\regsvr32.exe" /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll"
          4⤵
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:2352
          • C:\Windows\system32\regsvr32.exe
            /s "C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll"
            5⤵
            • Installs/modifies Browser Helper Object
            • Loads dropped DLL
            • Modifies Internet Explorer settings
            • Modifies registry class
            PID:1940
        • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe
          "C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe" /install
          4⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:2088
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /postinstall
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1524
        • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
          "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /INSTALL
          4⤵
          • Drops file in Program Files directory
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:2324
        • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
          "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1248
          • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
            "C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" /CHECKNOW
            5⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:2888
      • C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
        "C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:1712
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://www.spywareterminator.com/purchase.aspx?cfg=8&lng=en&subid=W7&dinst=0&b=ST_FACL_Close
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          PID:1668
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1668 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2572
  • C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
    "C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
    1⤵
    • Drops file in Program Files directory
    • Executes dropped EXE
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2984
    • C:\Windows\system32\RUNDLL32.EXE
      "C:\Windows\system32\RUNDLL32.EXE" SETUPAPI.DLL,InstallHinfSection DefaultInstall 128 C:\PROGRA~2\SPYWAR~1\Driver\stflt.inf
      2⤵
      • Drops file in Drivers directory
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      PID:2396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Browser Extensions

1
T1176

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

2
T1546

Change Default File Association

1
T1546.001

Component Object Model Hijacking

1
T1546.015

Defense Evasion

Modify Registry

4
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.cat
    Filesize

    9KB

    MD5

    1a36ceb2dbf501cc99b1fe8779951b39

    SHA1

    69a210135cd77067d7d44a4a7d3c29a732ad1ca1

    SHA256

    4afda8aae7c511d9b7a037d82c94cee6b724a308cc6bd2ef1b1a75b5f0aec8df

    SHA512

    a06aedba510aaa01c87b183b34d2d3680c8cb06acacb359611240e82e413b9f08422b7584b2be1d49ecaa79788db987bc7370becbb5d2408ff6be3c2246d8540

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.inf
    Filesize

    2KB

    MD5

    03ff8d629a1f61166e8c66617d886c02

    SHA1

    3033cea68ca8834cecdc8f9104fe5ec087528227

    SHA256

    513a031fd758365167d4327152dc80c6cb63bf763ffcc7e162ef26944443f5d2

    SHA512

    5c6cced543c17782f7b1c76dcdffc74d9159fb6c77218aeef71780a86e09db054b1744e90ebf51e87565a55f9b20c0e9196773ed408024b6362bd18f322087a8

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Driver\stflt.sys
    Filesize

    50KB

    MD5

    b9657a0aff28c1cb114acc0cb93ee4bb

    SHA1

    35b22f9023755536a423844f47fd80421d4c90e1

    SHA256

    619de6438827a648566cb6f6407df30e3bbce345775b0154d883a48e244a62ee

    SHA512

    b3cd93a333d5ce0d4f4f13e853c74e94c43ce86b733abd5b285479ab06fad1505bce3b55a63c4432c3dbf1cd1af83e6722398b6d51af4b6ce0a4ba5f2d2d7dcb

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.dll
    Filesize

    1.2MB

    MD5

    1d65dc1551573b40f6397c73ce5c7f9b

    SHA1

    3100699480372f60dcebc14fbf240991d4f25ab7

    SHA256

    87cda8e7dfaf460003ee9f1933e4d0add28a6647d5d02925ca71a0a60c95bdc4

    SHA512

    b028312765424e66531f26e359b17edafd9606e37bc934a8712f8d381aa010ef940e20554b864768e68821d95917cb0622ced0375b194bb857d059d3975cc3c3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard.exe
    Filesize

    1.2MB

    MD5

    8fc791f066f459bc5f1397c7a2cd5f5d

    SHA1

    ab4c8c3d35d4844b870b346519d997b6d18c9412

    SHA256

    6768dd32576154dcc7b990132179e802fd0778dee9e2af82f891ef4103e042cd

    SHA512

    efb24cfa09e6e4f67844c642176e1bd8cc5b5dc5ac086366a3e95a218f26d1c978a0105a69b1664b48137b6e025bf0e47f742336e89e02fdf3da03dc6524c293

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STInternetGuard64.dll
    Filesize

    1.9MB

    MD5

    b0eb392df2f774e067048346fcdb8622

    SHA1

    0476253aab53543f7f4385d9f2b0b51d40993973

    SHA256

    206b751870d3e2c164390b5c1980b4ae08f0677bfc52902bf329641a731c285d

    SHA512

    d99fc0a403156995729530231784acfcda7a28967250e9bdb63a3c4bb52c415831fff053c60143fb523f3a52b4e079c712064fb931d395a2ccfd82b446e4fd81

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STShell.dll
    Filesize

    918KB

    MD5

    cc67bdf613d0d482acc73bdd10d56f13

    SHA1

    092f09d7e898030c3d239289a1eb52fcfaf0977c

    SHA256

    b0201e248b64beb3b8f3ee1fb2764594b833cb2ba77ba51c9832961f46184c48

    SHA512

    5c3d355d52cffb2834da3e099cba082c7d1441d8367fff50b82666f714ba725b2c79d460f0db327afa541408140826b19cf5ca4713809b06533d4967e9795a4e

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\STShell64.dll
    Filesize

    1.4MB

    MD5

    c9fbb8c492309556c74094bd2f6deeb2

    SHA1

    cf83fdc0e20d66111edd6daa9934d37d2bbcf602

    SHA256

    25a2ce9a86777cd9a5a5bb4a95c4f4a691573868d22a176a61cac3ee7411b6c0

    SHA512

    129aebabb0ed29944fa0952d93f2f116972558ddb58871a7dcf27e8a843cb3fc55bc64bfc00accca7e66051e86f2bc6b8b8677fa64a3512be7a37b19b44fa472

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\ST_DB.spt
    Filesize

    2.2MB

    MD5

    839e014e7bf8343944afa1f0b9c41e96

    SHA1

    38e8e0cae71f160da152587556528fcaba333aa3

    SHA256

    885ccd48f11c916f1e80807fb52d4f34a4f639dba330fb71fe163a6f72abef08

    SHA512

    305cb9ebba6faa3b404bf75bfcd849977170488d78ac0f1f913ba21ee53f9024fedd7b367b82426daf2d249d816c07a827129f535435428729280cf10e4d0ab4

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
    Filesize

    5.3MB

    MD5

    e762d8cc075ffbfe211f92f34ea8f153

    SHA1

    8d3165f8fdc293f5c4b149d0bd5ca6252e334412

    SHA256

    389f1f1a40070ad4bac245d8aa3270930e4f04b9ce42d7fb0bbe08b9d6136cf7

    SHA512

    5a41100ef75d48392b6d29c677252976a092bdb0c9108719496204317cdb8f7d2bd3f2c6ff645c299bb4d90a3ec06a6e4f62240798a3a31aadeac28909433bbf

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\24x7.xml
    Filesize

    11KB

    MD5

    0744e79cd32e08351609d09b3af017fe

    SHA1

    d4a7c1689f54dfc5492d78cc4cba3f2faa40f719

    SHA256

    1c660a8c1e40137aa41df4cd2bb465a43ed8f5ed2f59f4983bdf4c9db5e634f4

    SHA512

    2d097498249dc77211e05756cd4f6bf205ee8f4aef1798726f3861201fddaa17fd56cd5458c1af6f844327fe3f981dd644d9f57d8087218b442a7ad83661607b

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\analyze.xml
    Filesize

    10KB

    MD5

    7de1d4be2712041bfdb1cd580ccf3ac9

    SHA1

    960932bc1feb416bde6634d0099a2c971454e07b

    SHA256

    344c5ae0850008022732488cc12be17ae6f1119b47d59da7490e95da574722ec

    SHA512

    d5bfae821402a63ec05e5b11930b2090ba4db1cad453f928fd1851adb1074b9fd713a8f62690ca86b5c80e2bce9191c159513ac6347bebac007bf9de3f5d90e3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\bloatware.xml
    Filesize

    10KB

    MD5

    726efd2d81d2444dfef02d3125ff11cf

    SHA1

    d0b4078551b98c63e3932bb78f3ec00b6e9764b9

    SHA256

    abeab2ab4e92b793bedf505785d7a7b31c6ec466b6a5fd18f5f24da0b7c81fb2

    SHA512

    18ba940f019b43af5100204ba718720d663aaaa3d9303304770aee09f458a493bfeb4179a4820a7563994e81347b7af1191a46ba2ec31d302b578b0330b9d653

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\optimizer.xml
    Filesize

    11KB

    MD5

    a4d1d3eb0935b42a9f5103e364672475

    SHA1

    ca61c70ef1abb33ee649801c2931ddffae0237ae

    SHA256

    64f04b0c30477281ba0d417c53b99745683ff8fcc768dbbfc52ebfff70c46952

    SHA512

    7b4291a4bbee8e8cf91f62f976eb521b639d967299779269e2993f35069b9ae31f70afc3d0653753dc4cd4d71ae23b888a0de137b455f02fcb1d812193bf3c88

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\ov.xml
    Filesize

    11KB

    MD5

    a2b00b06feacfa801b77560f429c1207

    SHA1

    0c370d1c0a1f1f24c0a8b7efd41fb5970fb9caf4

    SHA256

    b2dfaaf6fb96100d88cf020b50cb65a15a3eeb7c355004bea89d031dc25f2eae

    SHA512

    48d158fd10804ee1f4f82f979aaab48664fcb329ddc88e71e01af6739e1f598ae4f8e8069b9250f81eaff59bf3fd14f78411f74c8cc47a2cfbbc4db6c79c18ac

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\remover.xml
    Filesize

    9KB

    MD5

    ccc3a298e43a1195fe424263997a37c7

    SHA1

    e419703fd71b849c0a07350e4a85443bfc6ea5fa

    SHA256

    59f9cb31313f7b3871ca1ec49a85ac08298ed2c632c583224e2e6d0fb62249e2

    SHA512

    1fb55b49cf47a2a648dcd2dc4dc93684718969b6d8002c0bf2417f2fbb39fcda6aad98dd10f2e7934699d1459b028f0de2eb83581ce65201b7f0c0d4ac2e4cc5

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\restore.xml
    Filesize

    10KB

    MD5

    31010876e2035130101a0d9471085264

    SHA1

    00ce003795d56abba567d1cc73155ec450a199ef

    SHA256

    0aa5b96005d77866330f0ddbf562b84f2bb055485a61996eeb9da59acef2a4ad

    SHA512

    3c17635137eea8d3b6fa45a972686759324fca3f2e33b532d83055dc7c0ea02cb36048b3ebe8e2d0d64c182daae010e00e5082e4f7ac210d3144479f58cd10ac

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\so.xml
    Filesize

    10KB

    MD5

    f975adb6897d3a05d984af419e4a4a96

    SHA1

    f7577a373883f32d9723a114b77688484962893a

    SHA256

    0c048e3288f4bebf60f02cb5e346ddbf07f43abc1317c3adfd50208f9c9bb5d6

    SHA512

    a88d2d2b62fb6a6ef3427e61e7046ec511ab657ac9f555609d2e71541e04f56df348f1097dc0d34ef48bf53a5e30d1ee7a6d7cb1a1c71e43bb524f479d1d0423

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\startup.xml
    Filesize

    9KB

    MD5

    e6823c6f544f37892668542850924c47

    SHA1

    3cb013d074cae5e41aea86f4e4d8845e3d800e92

    SHA256

    96bac38081d9ec059989655c185a794390584c4c6080db3f6d87b3e743c08f66

    SHA512

    0312a1fc3ca2f729ae8131a2be933f8b728af88f4327f0b7f8ef6f665c1cc429b6499e2332c3aac8f7fce3b3749a74a07c40ff5da85f25f7780b0ddf5b0c3633

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\systemsettings.xml
    Filesize

    10KB

    MD5

    61c878e4512ce3f8dbc26f7da70e7295

    SHA1

    24120119d101ddd828463973ac85711fa37640d7

    SHA256

    b40d870d3bbb1b54c73898a8bd70e0d91498c6f6e8ae769e3385875798676188

    SHA512

    550424ee9b6f3da4a8c46c90fa235af050e5433a44f37acaf5645214ae31b43a77425ab0965554bfdf78136be912f9b866bbbf44cca2d8430d07fa0d8080d4b8

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\unstableaddons.xml
    Filesize

    9KB

    MD5

    76c409a6486276f5064d8b22bb1aa883

    SHA1

    cd03e5458dd417631ef380c1eefea11849825c0a

    SHA256

    5392d185f4865b2d7ff4c00eade1ae2874704e5292f2033579bb9339614a5249

    SHA512

    bd80bbc7ad3d14e26458d4433e01ce89b6f72bb170098b5e57e06177946e45c38bb8c74f4f569750c290caf95479da5eaa208b2954c580ff32834018d38e26b3

    Download Submit

  • C:\Program Files (x86)\Spyware Terminator\Tools\virtualkeyboard.xml
    Filesize

    9KB

    MD5

    8109e12763c9f90e5ddcc82db7ddbc54

    SHA1

    03bdec5c92814775df70e07f19296f653d1794cb

    SHA256

    401f505860d0ed2934e0847b5e73ecbfeab067cdd2c4ec354cbb482f01bfed06

    SHA512

    b8e3f19f94d0aa928eb9917df1d547bf6cb2dc26ddbff76a092b9e6c4b44c18bb6315b16ff0e720d6b71cd09dfaa69562f5fdc6b29e03905fa6f2f9ecdb86a93

    Download Submit

  • C:\ProgramData\Spyware Terminator\lng.ini
    Filesize

    667KB

    MD5

    c127978199a81cca95ab6e8376a4f180

    SHA1

    986bdbe394ad728b661c0c6edafa0c0f7073b2a5

    SHA256

    7d32891b45e6c63b74dec02e68d5629cb99f41ed8794f93d198a4999d161fc89

    SHA512

    60ee22dbe2dc97417a281334aeef269166479357df70337e58f61ce730ff57a8c1e8ab054d5c54f0062cf2af65ec8a63cd0a0b4f9183cc1c030271bab9fce1d5

    Download Submit

  • \Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
    Filesize

    6.7MB

    MD5

    5fba563818f67341904a43da705f16d0

    SHA1

    ec625cad222338fd7f0c8cf1399ba59c45d78f89

    SHA256

    613f4b7d73093ef622741753ffe30b2c09d47d6490e197aebd2655827337adf3

    SHA512

    1fbac427adf6d5eb42d68ad048dd6c8661c08469d006e76ceb28328564989f137a758a2b5ff2105f108e4b14127a6d368570d0bebda5a62a41b620ab18e53889

    Download Submit

  • \Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
    Filesize

    5.1MB

    MD5

    e9150f50ccb4f8eb44f5b0e1cabae3c7

    SHA1

    26977a765e04d7eef27309ce00554a319a6a657b

    SHA256

    b14379b3a070486f6b5c004a94749c973fe2eacdd7abbfe3685e3a8701a1fe5f

    SHA512

    e44804d4d03574a3496fbc2936b4af21e4ee86a4de9c5cbc7dc4444b0f007b3e48bbfe52964de974dca54f28ad01538d99e67afdf2ccd986ff5cb2801cff9c09

    Download Submit

  • \Program Files (x86)\Spyware Terminator\st_rsser64.exe
    Filesize

    3.1MB

    MD5

    3a55529c8d6d8974e7c3e7d90c13edb7

    SHA1

    c71d98f4c17c022a4a3d36139ed6118d4b335313

    SHA256

    1b1d68bb69c525bc40f7d19ff9ccb21025819cf1fb75c4096dbfa217e8db92ed

    SHA512

    a63c8bc03a59afe99e1c30407ded2cc5b291360e92e7b1b7276f9635f6f84dc46131b94d70591a4345f9f9ca316961c56ce910c74052a49af50c2d4db2d070c3

    Download Submit

  • \Program Files (x86)\Spyware Terminator\unins000.exe
    Filesize

    1.3MB

    MD5

    76b4b066c1b99ed01a34cf4e524d259e

    SHA1

    6d88a0756ae5912d3628f08eff82e627c8f9cf3e

    SHA256

    6826bc8183f7df2998243c5b97488c5a9d099bb5119d516e3e0efc20e5469109

    SHA512

    55c490a0ae5a2c1851e516ca06c8a20dfbbee53a231fb3b7bcf1c8f9f7c25f3e5160b2e3b84b708caa4622811204589fb8da7d3a489b0b1129265d2c4377dd0c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-A4BND.tmp\SpywareTerminatorSetup.tmp
    Filesize

    1.2MB

    MD5

    ff51b3686f50c07214d6f8abbaf15cf3

    SHA1

    53b116e9aede862d39be5fe15522f69699ec1fe5

    SHA256

    8f0f3d4fd5dcd5ff49bb484d01a170bd0b2714250141cd61d01b2ee8adb1517b

    SHA512

    46f5a203d9fb15acd2cd4cb003167b320e7b341b2ed66d09ae522b22e3ffa743be958ea830167c905e62aa8e1ad7babf9b48131d5e6629fa3c76485ea2843ca3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-PION0.tmp\_isetup\_shfoldr.dll
    Filesize

    22KB

    MD5

    92dc6ef532fbb4a5c3201469a5b5eb63

    SHA1

    3e89ff837147c16b4e41c30d6c796374e0b8e62c

    SHA256

    9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

    SHA512

    9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

    Download Submit

  • memory/588-127-0x0000000002510000-0x00000000025FD000-memory.dmp

    Filesize

    948KB

    Download

  • memory/596-133-0x00000000027D0000-0x000000000290C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/696-92-0x0000000002150000-0x00000000022BB000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1248-292-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1248-1085-0x0000000000400000-0x0000000000922000-memory.dmp

    Filesize

    5.1MB

    Download

  • memory/1420-130-0x00000000022C0000-0x000000000242B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1524-221-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1696-86-0x0000000002130000-0x000000000221D000-memory.dmp

    Filesize

    948KB

    Download

  • memory/1712-262-0x0000000006400000-0x0000000006456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1712-289-0x00000000063A0000-0x00000000063B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1712-1028-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-1027-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-1023-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-1019-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-1012-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-314-0x00000000063A0000-0x00000000063A4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1712-315-0x00000000063A0000-0x00000000063A4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1712-316-0x00000000063A0000-0x00000000063B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1712-318-0x00000000063A0000-0x00000000063BD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1712-319-0x00000000063A0000-0x00000000063BD000-memory.dmp

    Filesize

    116KB

    Download

  • memory/1712-320-0x00000000063A0000-0x00000000063CA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1712-321-0x00000000063A0000-0x00000000063CA000-memory.dmp

    Filesize

    168KB

    Download

  • memory/1712-322-0x00000000063A0000-0x00000000063B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1712-323-0x00000000063A0000-0x00000000063B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1712-234-0x00000000063A0000-0x00000000063DE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1712-233-0x00000000063A0000-0x00000000063DE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1712-236-0x0000000006400000-0x0000000006457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1712-235-0x0000000006400000-0x0000000006457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1712-238-0x00000000063A0000-0x00000000063AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1712-237-0x00000000063A0000-0x00000000063AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1712-239-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-240-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-243-0x0000000006400000-0x0000000006456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1712-242-0x00000000063A0000-0x00000000063DE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1712-244-0x00000000063A0000-0x00000000063CF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-241-0x0000000006400000-0x0000000006456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1712-248-0x0000000006400000-0x0000000006457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1712-247-0x0000000006400000-0x0000000006457000-memory.dmp

    Filesize

    348KB

    Download

  • memory/1712-246-0x00000000063A0000-0x00000000063CF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-245-0x00000000063A0000-0x00000000063DE000-memory.dmp

    Filesize

    248KB

    Download

  • memory/1712-252-0x00000000063A0000-0x00000000063AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1712-251-0x00000000063A0000-0x00000000063B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1712-250-0x0000000006400000-0x0000000006489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/1712-249-0x0000000006400000-0x0000000006489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/1712-253-0x00000000063A0000-0x00000000063A7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1712-255-0x00000000063A0000-0x00000000063B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1712-254-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-256-0x00000000063A0000-0x00000000063B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1712-259-0x00000000063A0000-0x00000000063BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1712-266-0x0000000006400000-0x0000000006456000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1712-265-0x00000000063A0000-0x00000000063E7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1712-264-0x00000000063A0000-0x00000000063AB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1712-263-0x00000000063A0000-0x00000000063E7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1712-324-0x0000000006400000-0x000000000645E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1712-261-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-260-0x00000000063A0000-0x00000000063A7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1712-258-0x00000000063A0000-0x00000000063BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1712-257-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-268-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-270-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-269-0x00000000063A0000-0x00000000063B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1712-267-0x00000000063A0000-0x00000000063AB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1712-274-0x00000000063A0000-0x00000000063CF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-273-0x00000000063A0000-0x00000000063BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1712-272-0x00000000063A0000-0x00000000063BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1712-271-0x00000000063A0000-0x00000000063B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1712-275-0x00000000063A0000-0x00000000063CF000-memory.dmp

    Filesize

    188KB

    Download

  • memory/1712-276-0x00000000063A0000-0x00000000063AB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1712-281-0x0000000006400000-0x0000000006489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/1712-291-0x00000000063A0000-0x00000000063E8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1712-290-0x00000000063A0000-0x00000000063BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1712-325-0x0000000006400000-0x000000000645E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/1712-288-0x00000000063A0000-0x00000000063E8000-memory.dmp

    Filesize

    288KB

    Download

  • memory/1712-287-0x00000000063A0000-0x00000000063E7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1712-286-0x00000000063A0000-0x00000000063A7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1712-285-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-284-0x0000000006400000-0x000000000647B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/1712-283-0x00000000063A0000-0x00000000063B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1712-282-0x00000000063A0000-0x00000000063B2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1712-278-0x00000000063A0000-0x00000000063AB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1712-280-0x00000000063A0000-0x00000000063A9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1712-279-0x00000000063A0000-0x00000000063A9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1712-277-0x0000000006400000-0x0000000006489000-memory.dmp

    Filesize

    548KB

    Download

  • memory/1712-326-0x00000000063A0000-0x00000000063A5000-memory.dmp

    Filesize

    20KB

    Download

  • memory/1712-293-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/1712-313-0x00000000063A0000-0x00000000063A4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/1712-312-0x00000000063A0000-0x00000000063BB000-memory.dmp

    Filesize

    108KB

    Download

  • memory/1712-311-0x00000000063A0000-0x00000000063B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1712-310-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-309-0x00000000063A0000-0x00000000063B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1712-308-0x00000000063A0000-0x00000000063E7000-memory.dmp

    Filesize

    284KB

    Download

  • memory/1712-307-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-306-0x00000000063A0000-0x00000000063AB000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1712-305-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-304-0x00000000063A0000-0x00000000063B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1712-303-0x00000000063A0000-0x00000000063EC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1712-302-0x00000000063A0000-0x00000000063EC000-memory.dmp

    Filesize

    304KB

    Download

  • memory/1712-301-0x00000000063A0000-0x00000000063A8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1712-300-0x00000000063A0000-0x00000000063AA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1712-299-0x00000000063A0000-0x00000000063BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1712-298-0x00000000063A0000-0x00000000063BE000-memory.dmp

    Filesize

    120KB

    Download

  • memory/1712-297-0x00000000063A0000-0x00000000063B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1712-296-0x00000000063A0000-0x00000000063B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/1712-295-0x00000000063A0000-0x00000000063B5000-memory.dmp

    Filesize

    84KB

    Download

  • memory/1712-294-0x00000000063A0000-0x00000000063A7000-memory.dmp

    Filesize

    28KB

    Download

  • memory/1712-317-0x00000000063A0000-0x00000000063B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1940-137-0x0000000002230000-0x000000000242A000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2088-145-0x0000000000400000-0x000000000053C000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2324-1084-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-1025-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-1097-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-232-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-1021-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-1010-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2324-1016-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2464-229-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-87-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2464-2-0x0000000000401000-0x000000000040D000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2464-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2500-155-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/2500-149-0x0000000000400000-0x0000000000AB9000-memory.dmp

    Filesize

    6.7MB

    Download

  • memory/2852-88-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2852-9-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2852-148-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2852-226-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2852-89-0x0000000000400000-0x000000000054C000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2888-230-0x0000000000400000-0x000000000095B000-memory.dmp

    Filesize

    5.4MB

    Download

  • memory/2984-150-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1024-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-154-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1020-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1083-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1015-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1008-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-1096-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2984-231-0x0000000000400000-0x0000000000731000-memory.dmp

    Filesize

    3.2MB

    Download